/// <summary>
/// Builds an unsigned DKIM-Signature header. Note that the returned
/// header will NOT have a CRLF at the end.
/// </summary>
/// <param name="bodyHash">The hash of the body.</param>
/// <returns>The unsigned DKIM-Signature header.</returns>
private string GetUnsignedDkimHeader(DomainElement domain, string bodyHash)
{
return(string.Format(
CultureInfo.InvariantCulture,
"DKIM-Signature: v=1; a={0}; s={1}; d={2}; c={3}/{4}; q=dns/txt; h={5}; bh={6}; b=;",
this.hashAlgorithmDkimCode,
domain.getSelector(),
domain.getDomain(),
this.headerCanonicalization.ToString().ToLower(),
this.bodyCanonicalization.ToString().ToLower(),
string.Join(" : ", this.eligibleHeaders.OrderBy(x => x, StringComparer.Ordinal).ToArray()),
bodyHash));
}
/// <summary>
/// Gets the version of the DKIM-Signature header with the signature appended, along with
/// the CRLF.
/// </summary>
/// <param name="unsignedDkimHeader">The unsigned DKIM header, to use as a template.</param>
/// <param name="canonicalizedHeaders">The headers to be included as part of the signature.</param>
/// <returns>The signed DKIM-Signature header.</returns>
private string GetSignedDkimHeader(DomainElement domain, string unsignedDkimHeader, IEnumerable <string> canonicalizedHeaders)
{
byte[] signatureBytes;
string signatureText;
StringBuilder signedDkimHeader;
if (domain.CryptoProvider == null)
{
throw new Exception("CryptoProvider for domain " + domain.getDomain() + " is null.");
}
using (var stream = new MemoryStream())
{
using (var writer = new StreamWriter(stream))
{
foreach (var canonicalizedHeader in canonicalizedHeaders)
{
writer.Write(canonicalizedHeader);
}
if (this.headerCanonicalization == DkimCanonicalizationKind.Relaxed)
{
unsignedDkimHeader = Regex.Replace(unsignedDkimHeader, @" ?: ?", ":");
string[] temp = unsignedDkimHeader.Split(new char[] { ':' }, 2);
unsignedDkimHeader = temp[0].ToLower() + ":" + temp[1];
}
writer.Write(unsignedDkimHeader);
writer.Flush();
stream.Seek(0, SeekOrigin.Begin);
// Why not pass this.hashAlgorithm here, since we already have it? If we're supporting
// Exchange 2007, then we're stuck on CLR 2.0. The SHA-256 functionality was added in
// .NET 3.5 SP1, but it was done in such a way that the switch statement used internally
// by the Crypto .NET classes won't recognize the new SHA256CryptoServiceProvider type.
// So, we have to use the string method instead. More details available at
// http://blogs.msdn.com/b/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspx
signatureBytes = domain.CryptoProvider.SignData(stream, this.hashAlgorithmCryptoCode);
}
}
signatureText = Convert.ToBase64String(signatureBytes);
signedDkimHeader = new StringBuilder(unsignedDkimHeader.Substring(0, unsignedDkimHeader.Length - 1));
signedDkimHeader.Append(signatureText);
signedDkimHeader.Append(";\r\n");
return(signedDkimHeader.ToString());
}
